[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
IT managers could be swayed to turn to hacking for as little as a couple thousand dollars, according to new research from Centrify.
According to the findings, 24% of U.S. IT decision makers hear more about office happy hours than they do about security, while 22% hear more about office birthdays and 18% hear more about kitchen etiquette.
The survey also revealed how little it would cost to persuade an IT decision maker to become a hacker.
When asked if they would become a hacker for $2,000 or less, 28% of respondents said yes.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5b8d73c124&e=20056c7556
The hackers are now using well-known brand names such as Standard Chartered Bank on LinkedIn to attract senior executives to divulge information that they can use.
It’s all very plausible unless you know what to look for.
Using a process called ‘social engineering’, OCGs assemble as much information via the Internet as they can on a target subject within an organisation that has been identified as likely prey.
LinkedIn is proving a rich vein for OCGs.
Executives have become too cavalier about posting details of their movements and personal information on LinkedIn.
KCS’ own experience shows that 90 per cent of passwords take the form of the name of a sports team, a pet or other personal details.
But even if the target has been careful to use a more complex password, his or her organisation’s most sensitive data might still be at risk.
For example, details of business trip dates combined with personal details such as a recent illness or family names can be all an OCG needs to socially engineer a ‘Friday Afternoon’ attack.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d8bd2a7021&e=20056c7556
Non-profit CIOs talk data security at Dreamforce
Last year, Dreamforce 2014 attracted 7,000 attendees from non-profits, around 5 percent of the 135,000 total.
This year’s figures have yet to be released, but 8,000 were expected and 120 breakout sessions were dedicated to the sector.
..it was good to see Salesforce.com’s vice president of strategic research Peter Coffee address the issue at a non-profit CIO panel held at Dreamforce.
Data security is a major issue for the sector, Coffee pointed out, because if they lose the trust and confidence of donors, volunteers and the people they aim to help, much of their good will quickly grind to a halt.
So how are non-profit CIOs using new technologies and improved IT practices, he asked, to cope in a climate:
But for him, he added, the real challenge around data security doesn’t lie in implementing technology, but in pushing through the cultural change of attitudes needed to ensure that Sierra Club employees understand the risks and follow procedures that keep data safe.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=16ebca8b2a&e=20056c7556
Collaboration Between HR, IT Essential to Prevent Data Breaches, HR Exec Says
Preventing data breaches in an organization requires a strong collaborative effort between the HR and IT departments—a collaboration that may even involve a blurring of the line between those traditionally separate functions.
That’s the assessment of Jacqui Summons, international HR director at Clearswift, a provider of data loss prevention technology in the UK.
I had the opportunity to speak with Summons about this topic recently, and I began the conversation by asking her to provide an overview of what HR’s role should be in preventing data loss.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4fafaf287c&e=20056c7556
DHS CISO: Revoke security clearance of feds who keep falling for phishing scams
During the “Government CISO Priorities” track at the Billington Cybersecurity Summit held last week in Washington, Beckman explained that he sends fake phishing emails to DHS staff members to see if they will fall for it.
NextGov reported that he is concerned about how often “even senior-level federal employees” who handle top-secret documents fall for the scams; Beckman is apparently so frustrated that he believes it’s time to adopt “get-tough solutions.”
Right now, the cost of cleaning up after cyberattacks falls on the victims, but DoD CIO Terry Halvorsen wants to make it more expensive for hackers to “play.” He said, “We are on the wrong side of the cyber economic curve.
We need to raise barriers to attackers’ entry, making it more expensive to play.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4cd82b4a4f&e=20056c7556
India to cripple its tech sector with proposed encryption crackdown
The Indian government has published a draft of its latest plans for encryption.
The proposals spell bad news for domestic software developers and will make other companies looking to do business in the subcontinent very nervous indeed.
The new National Encryption Policy [PDF] proposed by the nation’s Department of Electronics and Information Technology states that the government will require applications using encryption to store plain text versions of all data for 90 days so that they can be examined by the police if need be.
In addition, any overseas companies using encryption must submit their full crypto software, along with testing suites and supporting documentation, for scrutiny by the Indian government.
No encryption algorithms or key lengths that haven’t been approved by the government will be allowed.
Bear in mind, however, that these are proposed rules only.
The public comment period is open until October 16, and it’s to be hoped that by then India’s large technology sector will have pointed out how stupid and misguided these plans are.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bf5c715a3e&e=20056c7556